> I agree with Timothe that this doesn't seem worthwhile breaking backward > compatibility. I discovered only recently that browsers have changed their > behaviour in this area when a site that was depending on > receiving the full URL broke. > If someone is going to the trouble of enabling this option, then they're > doing so for a good reason and there's a reasonable chance they need the full > URL.
Entirely agree. I know cases where not a full URL in the referrer header will create regressions and sometimes not obvious. So, I don't think that changing the default behavior will be a good idea in this particular case. > I'm all for adding an option to add the host-only behaviour as an option, but > not to make it the default. Yes, I also think that this is the right way to do it. Thanks, Dmitry Karpov -----Original Message----- From: curl-library <curl-library-boun...@lists.haxx.se> On Behalf Of Dan Fandrich via curl-library Sent: Monday, October 17, 2022 10:17 AM To: curl-library@lists.haxx.se Cc: Dan Fandrich <d...@coneharvesters.com> Subject: [EXTERNAL] Re: On CURLOPT_AUTOREFERER privacy On Mon, Oct 17, 2022 at 04:34:05PM +0200, Daniel Stenberg via curl-library wrote: > On Mon, 17 Oct 2022, Timothe Litt via curl-library wrote: > > > > My initial PR for this work: > > > https://github.com/curl/curl/pull/9750 > > > > > Why change the default behavior? > > For improved privacy. Because the browsers sort of do it like this. I agree with Timothe that this doesn't seem worthwhile breaking backward compatibility. I discovered only recently that browsers have changed their behaviour in this area when a site that was depending on receiving the full URL broke. If someone is going to the trouble of enabling this option, then they're doing so for a good reason and there's a reasonable chance they need the full URL. I'm all for adding an option to add the host-only behaviour as an option, but not to make it the default. I could probably be convinced to change it in curl 8 when there's an expectation of some changes in behaviour. Dan -- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html -- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
